diff options
Diffstat (limited to 'include')
-rw-r--r-- | include/account.php | 37 | ||||
-rw-r--r-- | include/auth.php | 81 | ||||
-rw-r--r-- | include/conversation.php | 50 | ||||
-rw-r--r-- | include/crypto.php | 2 | ||||
-rw-r--r-- | include/identity.php | 102 | ||||
-rwxr-xr-x | include/items.php | 1 | ||||
-rw-r--r-- | include/notifier.php | 19 | ||||
-rw-r--r-- | include/text.php | 2 | ||||
-rw-r--r-- | include/user.php | 10 | ||||
-rw-r--r-- | include/zot.php | 37 |
10 files changed, 163 insertions, 178 deletions
diff --git a/include/account.php b/include/account.php index fe0be87bc..e08b129f3 100644 --- a/include/account.php +++ b/include/account.php @@ -102,7 +102,6 @@ function create_account($arr) { return $result; } - $email_result = check_account_email($email); if($email_result['error']) { @@ -142,7 +141,7 @@ function create_account($arr) { return($result); } - $r = q("select * from account where account_email = '%s' and password = '%s' limit 1", + $r = q("select * from account where account_email = '%s' and account_password = '%s' limit 1", dbesc($email), dbesc($password_encoded) ); @@ -153,34 +152,26 @@ function create_account($arr) { logger('create_account: could not retrieve newly created account'); } - $result['success'] = true; + // Set the parent record to the current record_id if no parent was provided + + if(! $parent) { + $r = q("update account set account_parent = %d where account_id = %d limit 1", + intval($result['account']['account_id']), + intval($result['account']['account_id']) + ); + if(! $r) { + logger('create_account: failed to set parent'); + } + $result['account']['parent'] = $result['account']['account_id']; + } + $result['success'] = true; $result['email'] = $email; $result['password'] = $password; return $result; } -/** - * Verify login credentials - * - * Returns account record on success, null on failure - * - */ - -function account_verify_password($email,$pass) { - $r = q("select * from account where email = '%s'", - dbesc($email) - ); - if(! ($r && count($r))) - return null; - foreach($r as $record) { - if(hash('whirlpool',$record['account_salt'] . $pass) === $record['account_password']) { - return $record; - } - } - return null; -} function send_reg_approval_email($arr) { diff --git a/include/auth.php b/include/auth.php index cba6a67a7..4dfe74472 100644 --- a/include/auth.php +++ b/include/auth.php @@ -20,12 +20,36 @@ function nuke_session() { unset($_SESSION['page_flags']); } +/** + * Verify login credentials + * + * Returns account record on success, null on failure + * + */ + +function account_verify_password($email,$pass) { + $r = q("select * from account where account_email = '%s'", + dbesc($email) + ); + if(! ($r && count($r))) + return null; + foreach($r as $record) { + if(($record['account_flags'] == ACCOUNT_OK) || ($record['account_flags'] == ACCOUNT_UNVERIFIED) + && (hash('whirlpool',$record['account_salt'] . $pass) === $record['account_password'])) { + return $record; + } + } + return null; +} + // login/logout + + if((isset($_SESSION)) && (x($_SESSION,'authenticated')) && ((! (x($_POST,'auth-params'))) || ($_POST['auth-params'] !== 'login'))) { if(((x($_POST,'auth-params')) && ($_POST['auth-params'] === 'logout')) || ($a->module === 'logout')) { @@ -59,6 +83,14 @@ if((isset($_SESSION)) && (x($_SESSION,'authenticated')) && ((! (x($_POST,'auth-p goaway(z_root()); } + $r = q("select * from account where account_id = %d limit 1", + intval($_SESSION['account_id']) + ); + if(count($r) && (($r[0]['account_flags'] == ACCOUNT_OK) || ($r[0]['account_flags'] == ACCOUNT_UNVERIFIED))) + get_app()->account = $r[0]; + else + $_SESSION['account_id'] = 0; + $r = q("SELECT `user`.*, `user`.`pubkey` as `upubkey`, `user`.`prvkey` as `uprvkey` FROM `user` WHERE `uid` = %d AND `blocked` = 0 AND `account_expired` = 0 AND `verified` = 1 LIMIT 1", intval($_SESSION['uid']) @@ -80,43 +112,6 @@ else { if((x($_POST,'password')) && strlen($_POST['password'])) $encrypted = hash('whirlpool',trim($_POST['password'])); - else { - if((x($_POST,'openid_url')) && strlen($_POST['openid_url']) || - (x($_POST,'username')) && strlen($_POST['username'])) { - - $noid = get_config('system','no_openid'); - - $openid_url = trim((strlen($_POST['openid_url'])?$_POST['openid_url']:$_POST['username']) ); - - // validate_url alters the calling parameter - - $temp_string = $openid_url; - - // if it's an email address or doesn't resolve to a URL, fail. - - if(($noid) || (strpos($temp_string,'@')) || (! validate_url($temp_string))) { - $a = get_app(); - notice( t('Login failed.') . EOL); - goaway(z_root()); - // NOTREACHED - } - - // Otherwise it's probably an openid. - - try { - require_once('library/openid.php'); - $openid = new LightOpenID; - $openid->identity = $openid_url; - $_SESSION['openid'] = $openid_url; - $a = get_app(); - $openid->returnUrl = $a->get_baseurl(true) . '/openid'; - goaway($openid->authUrl()); - } catch (Exception $e) { - notice( t('We encountered a problem while logging in with the OpenID you provided. Please check the correct spelling of the ID.').'<br /><br >'. t('The error message was:').' '.$e->getMessage()); - } - // NOTREACHED - } - } if((x($_POST,'auth-params')) && $_POST['auth-params'] === 'login') { @@ -144,6 +139,18 @@ else { } else { + get_app()->account = account_verify_password($_POST['username'],$_POST['password']); + + if(get_app()->account) { + $_SESSION['account_id'] = get_app()->account['account_id']; + } + else { + notice( t('Failed authentication') . EOL); + } + + logger('authenticate: ' . print_r(get_app()->account,true)); + + // process normal login request $r = q("SELECT `user`.*, `user`.`pubkey` as `upubkey`, `user`.`prvkey` as `uprvkey` diff --git a/include/conversation.php b/include/conversation.php index 59f2f2ed8..7f0edc5de 100644 --- a/include/conversation.php +++ b/include/conversation.php @@ -344,12 +344,6 @@ function prepare_threads_body($a, $items, $cmnt_tpl, $page_writeable, $mode, $pr $total_children = $nb_items; foreach($items as $item) { - // prevent private email reply to public conversation from leaking. - if($item['network'] === NETWORK_MAIL && local_user() != $item['uid']) { - // Don't count it as a visible item - $nb_items--; - continue; - } if($item['verb'] === ACTIVITY_LIKE || $item['verb'] === ACTIVITY_DISLIKE) { $nb_items --; @@ -406,15 +400,13 @@ function prepare_threads_body($a, $items, $cmnt_tpl, $page_writeable, $mode, $pr $sp = false; $profile_link = best_link_url($item,$sp); - if($profile_link === 'mailbox') - $profile_link = ''; if($sp) $sparkle = ' sparkle'; else $profile_link = zrl($profile_link); $normalised = normalise_link((strlen($item['author-link'])) ? $item['author-link'] : $item['url']); - if(($normalised != 'mailbox') && (x($a->contacts,$normalised))) + if(x($a->contacts,$normalised)) $profile_avatar = $a->contacts[$normalised]['thumb']; else $profile_avatar = (((strlen($item['author-avatar'])) && $diff_author) ? $item['author-avatar'] : $a->get_cached_avatar_image($thumb)); @@ -762,10 +754,6 @@ function conversation(&$a, $items, $mode, $update, $page_mode = 'traditional') { else $nickname = $a->user['nickname']; - // prevent private email from leaking. - if($item['network'] === NETWORK_MAIL && local_user() != $item['uid']) - continue; - $profile_name = ((strlen($item['author-name'])) ? $item['author-name'] : $item['name']); if($item['author-link'] && (! $item['author-name'])) $profile_name = $item['author-link']; @@ -774,15 +762,13 @@ function conversation(&$a, $items, $mode, $update, $page_mode = 'traditional') { $sp = false; $profile_link = best_link_url($item,$sp); - if($profile_link === 'mailbox') - $profile_link = ''; if($sp) $sparkle = ' sparkle'; else $profile_link = zrl($profile_link); $normalised = normalise_link((strlen($item['author-link'])) ? $item['author-link'] : $item['url']); - if(($normalised != 'mailbox') && (x($a->contacts[$normalised]))) + if(x($a->contacts,$normalised)) $profile_avatar = $a->contacts[$normalised]['thumb']; else $profile_avatar = ((strlen($item['author-avatar'])) ? $a->get_cached_avatar_image($item['author-avatar']) : $item['thumb']); @@ -955,10 +941,6 @@ function conversation(&$a, $items, $mode, $update, $page_mode = 'traditional') { } else { - // prevent private email reply to public conversation from leaking. - if($item['network'] === NETWORK_MAIL && local_user() != $item['uid']) - continue; - $comments_seen ++; $comment_lastcollapsed = false; $comment_firstcollapsed = false; @@ -1146,15 +1128,13 @@ function conversation(&$a, $items, $mode, $update, $page_mode = 'traditional') { $sp = false; $profile_link = best_link_url($item,$sp); - if($profile_link === 'mailbox') - $profile_link = ''; if($sp) $sparkle = ' sparkle'; else $profile_link = zrl($profile_link); $normalised = normalise_link((strlen($item['author-link'])) ? $item['author-link'] : $item['url']); - if(($normalised != 'mailbox') && (x($a->contacts,$normalised))) + if(x($a->contacts,$normalised)) $profile_avatar = $a->contacts[$normalised]['thumb']; else $profile_avatar = (((strlen($item['author-avatar'])) && $diff_author) ? $item['author-avatar'] : $a->get_cached_avatar_image($thumb)); @@ -1346,8 +1326,6 @@ function item_photo_menu($item){ $sparkle = false; $profile_link = best_link_url($item,$sparkle,$ssl_state); - if($profile_link === 'mailbox') - $profile_link = ''; if($sparkle) { $cid = intval(basename($profile_link)); @@ -1504,27 +1482,6 @@ function status_editor($a,$x, $notes_cid = 0, $popup=false) { $jotplugins = ''; $jotnets = ''; - $mail_disabled = ((function_exists('imap_open') && (! get_config('system','imap_disabled'))) ? 0 : 1); - - $mail_enabled = false; - $pubmail_enabled = false; - - if(($x['is_owner']) && (! $mail_disabled)) { - $r = q("SELECT * FROM `mailacct` WHERE `uid` = %d AND `server` != '' LIMIT 1", - intval(local_user()) - ); - if(count($r)) { - $mail_enabled = true; - if(intval($r[0]['pubmail'])) - $pubmail_enabled = true; - } - } - - if($mail_enabled) { - $selected = (($pubmail_enabled) ? ' checked="checked" ' : ''); - $jotnets .= '<div class="profile-jot-net"><input type="checkbox" name="pubmail_enable"' . $selected . ' value="1" /> ' . t("Post to Email") . '</div>'; - } - call_hooks('jot_tool', $jotplugins); call_hooks('jot_networks', $jotnets); @@ -1565,7 +1522,6 @@ function status_editor($a,$x, $notes_cid = 0, $popup=false) { '$defloc' => $x['default_location'], '$visitor' => $x['visitor'], '$pvisit' => (($notes_cid) ? 'none' : $x['visitor']), - '$emailcc' => t('CC: email addresses'), '$public' => t('Public post'), '$jotnets' => $jotnets, '$emtitle' => t('Example: bob@example.com, mary@example.com'), diff --git a/include/crypto.php b/include/crypto.php index 4c6f9a2ae..f6ba2ed83 100644 --- a/include/crypto.php +++ b/include/crypto.php @@ -3,8 +3,6 @@ require_once('library/ASNValue.class.php'); require_once('library/asn1.php'); -// supported algorithms are 'sha256', 'sha1' - function rsa_sign($data,$key,$alg = 'sha256') { $sig = ''; diff --git a/include/identity.php b/include/identity.php index 1e450869a..9b8065f6f 100644 --- a/include/identity.php +++ b/include/identity.php @@ -3,11 +3,44 @@ require_once('include/zot.php'); require_once('include/crypto.php'); + +function identity_check_service_class($account_id) { + $ret = array('success' => false, $message => ''); + + $r = q("select count(entity_id) as total from entity were entity_account_id = %d ", + intval($account_id) + ); + if(! ($r && count($r))) { + $ret['message'] = t('Unable to obtain identity information from database'); + return $ret; + } + + if(! service_class_allows($account_id,'total_identities',$r[0]['total'])) { + $result['message'] .= upgrade_message(); + return $result; + } + + $ret['success'] = true; + return $ret; +} + + +// Required: name, nickname, account_id + +// optional: pageflags + function create_identity($arr) { - $ret = array('success' => false, 'message' => ''); - $nick = trim($_POST['nickname']); - $name = escape_tags($_POST['name']); + $ret = array('success' => false); + + if(! $arr['account_id']) { + $ret['message'] = t('No account identifier'); + return $ret; + } + + $nick = trim($arr['nickname']); + $name = escape_tags($arr['name']); + $pageflags = ((x($arr,'pageflags')) ? intval($arr['pageflags']) : PAGE_NORMAL); if(check_webbie(array($nick)) !== $nick) { $ret['message'] = t('Nickname has unsupported characters or is already being used on this site.'); @@ -24,7 +57,7 @@ function create_identity($arr) { entity_pubkey, entity_pageflags ) values ( %d, %d, '%s', '%s', '%s', '%s', '%s', %d ) ", - intval(local_user()), + intval($arr['account_id']), intval($primary), dbesc($name), dbesc($nick), @@ -36,44 +69,53 @@ function create_identity($arr) { $r = q("select * from entity where entity_account_id = %d and entity_global_id = '%s' limit 1", - intval(local_user()), + intval($arr['account_id']), dbesc($guid) ); + if(! ($r && count($r))) { $ret['message'] = t('Unable to retrieve created identity'); return $ret; } + $ret['entity'] = $r[0]; + + set_default_login_identity($arr['account_id'],$ret['entity']['entity_id'],false); + + // Create a verified hub location pointing to this site. + + $r = q("insert into hubloc ( hubloc_guid, hubloc_guid_sig, hubloc_flags, + hubloc_url, hubloc_url_sig, hubloc_callback, hubloc_sitekey ) + values ( '%s', '%s', %d, '%s', '%s', '%s', '%s' )", + dbesc($ret['entity']['entity_global_id']), + dbesc(base64url_encode(rsa_sign($ret['entity']['entity_global_id'],$ret['entity']['entity_prvkey']))), + intval(($primary) ? HUBLOC_FLAGS_PRIMARY : 0), + dbesc(z_root()), + dbesc(base64url_encode(rsa_sign(z_root(),$ret['entity']['entity_prvkey']))), + dbesc(z_root() . '/post'), + dbesc(get_config('system','pubkey')) + ); + if(! $r) + logger('create_identity: Unable to store hub location'); + + $ret['success'] = true; return $ret; } +// set default identity for account_id to identity_id +// if $force is false only do this if there is no current default - - - - -class simple_identity { - - private $identity_uid; - private $identity_name; - private $identity_url; - private $identity_photo; - - function __construct($uid = '',$name = '',$url = '',$photo = '') { - $this->identity_uid = $uid; - $this->identity_name = $name; - $this->identity_url = $url; - $this->identity_photo = $photo; - } - - function to_array() { - return array( - 'zuid' => $this->identity_uid, - 'name' => $this->identity_name, - 'url' => $this->identity_url, - 'photo' => $this->identity_photo +function set_default_login_identity($account_id,$entity_id,$force = true) { + $r = q("select account_default_entity from account where account_id = %d limit 1", + intval($account_id) + ); + if(($r) && (count($r)) && ((! intval($r[0]['account_default_entity'])) || $force)) { + $r = q("update account set account_default_entity = %d where account_id = %d limit 1", + intval($entity_id), + intval($account_id) ); } -}
\ No newline at end of file +} + diff --git a/include/items.php b/include/items.php index bb053434d..f3e549e2b 100755 --- a/include/items.php +++ b/include/items.php @@ -3338,7 +3338,6 @@ function fix_private_photos($s, $uid, $item = null, $cid = 0) { // Only embed locally hosted photos $replace = false; $i = basename($image); - $i = str_replace(array('.jpg','.png'),array('',''),$i); $x = strpos($i,'-'); if($x) { diff --git a/include/notifier.php b/include/notifier.php index 27f178fe0..6bc0d98b3 100644 --- a/include/notifier.php +++ b/include/notifier.php @@ -439,25 +439,6 @@ function notifier_run($argv, $argc){ logger('notifier: slaps: ' . print_r($slaps,true), LOGGER_DATA); - // If this is a public message and pubmail is set on the parent, include all your email contacts - - $mail_disabled = ((function_exists('imap_open') && (! get_config('system','imap_disabled'))) ? 0 : 1); - - if(! $mail_disabled) { - if((! strlen($target_item['allow_cid'])) && (! strlen($target_item['allow_gid'])) - && (! strlen($target_item['deny_cid'])) && (! strlen($target_item['deny_gid'])) - && (intval($target_item['pubmail']))) { - $r = q("SELECT * FROM `contact` WHERE `uid` = %d AND `network` = '%s'", - intval($uid), - dbesc(NETWORK_MAIL) - ); - if(count($r)) { - foreach($r as $rr) - $recipients[] = $rr['id']; - } - } - } - if($followup) $recip_str = $parent['contact-id']; else diff --git a/include/text.php b/include/text.php index feafafd06..79b4bba39 100644 --- a/include/text.php +++ b/include/text.php @@ -1152,7 +1152,7 @@ function generate_user_guid() { -function base64url_encode($s, $strip_padding = false) { +function base64url_encode($s, $strip_padding = true) { $s = strtr(base64_encode($s),'+/','-_'); diff --git a/include/user.php b/include/user.php index 21a1e3b48..1b497a06e 100644 --- a/include/user.php +++ b/include/user.php @@ -219,8 +219,8 @@ function create_user($arr) { t('default'), 1, dbesc($username), - dbesc($a->get_baseurl() . "/photo/profile/{$newuid}.jpg"), - dbesc($a->get_baseurl() . "/photo/avatar/{$newuid}.jpg"), + dbesc($a->get_baseurl() . "/photo/profile/{$newuid}"), + dbesc($a->get_baseurl() . "/photo/avatar/{$newuid}"), intval($publish), intval($netpublish) @@ -239,9 +239,9 @@ function create_user($arr) { datetime_convert(), dbesc($username), dbesc($nickname), - dbesc($a->get_baseurl() . "/photo/profile/{$newuid}.jpg"), - dbesc($a->get_baseurl() . "/photo/avatar/{$newuid}.jpg"), - dbesc($a->get_baseurl() . "/photo/micro/{$newuid}.jpg"), + dbesc($a->get_baseurl() . "/photo/profile/{$newuid}"), + dbesc($a->get_baseurl() . "/photo/avatar/{$newuid}"), + dbesc($a->get_baseurl() . "/photo/micro/{$newuid}"), dbesc($a->get_baseurl() . "/profile/$nickname"), dbesc(normalise_link($a->get_baseurl() . "/profile/$nickname")), dbesc($a->get_baseurl() . "/dfrn_request/$nickname"), diff --git a/include/zot.php b/include/zot.php index 04b84900b..20ec7686d 100644 --- a/include/zot.php +++ b/include/zot.php @@ -2,15 +2,15 @@ /** * - * @function zot_new_uid($entity_id) - * @entity_id = integer id of controlling entity + * @function zot_new_uid($entity_nick) + * @entity_id = unique nickname of controlling entity * @returns string * */ -function zot_new_uid($entity_id) { - $rawstr = z_root() . '/' . $entity_id . '.' . mt_rand(); - return(base64url_encode(hash('whirlpool',$rawstr,true),true) . '.' . mt_rand()); +function zot_new_uid($entity_nick) { + $rawstr = z_root() . '/' . $entity_nick . '.' . mt_rand(); + return(base64url_encode(hash('whirlpool',$rawstr,true),true)); } @@ -63,7 +63,9 @@ function zot_notify($entity,$url) { $x = z_post_url($url, array( 'type' => 'notify', 'guid' => $entity['entity_global_id'], - 'hub' => z_root(), + 'guid_sig' => base64url_encode($guid,$entity['prvkey']), + 'hub' => z_root(), + 'hub_sig' => base64url_encode(z_root,$entity['prvkey']), 'callback' => '/post', 'spec' => ZOT_REVISION) ); @@ -73,12 +75,15 @@ function zot_notify($entity,$url) { function zot_gethub($arr) { - if((x($arr,'hub')) && (x($arr,'guid'))) { + if((x($arr,'guid')) && (x($arr,'guid_sig')) && (x($arr,'hub')) && (x($arr,'hub_sig'))) { $r = q("select * from hubloc - where hubloc_guid = '%s' and hubloc_url = '%s' + where hubloc_guid = '%s' and hubloc_guid_sig = '%s' + and hubloc_url = '%s' and hubloc_url_sig = '%s' limit 1", dbesc($arr['guid']), - dbesc($arr['hub']) + dbesc($arr['guid_sig']), + dbesc($arr['hub']), + dbesc($arr['hub_sig']) ); if($r && count($r)) return $r[0]; @@ -95,13 +100,19 @@ function zot_register_hub($arr) { if($record->hub && count($record->hub)) { foreach($record->hub as $h) { // store any hubs we don't know about - if( ! zot_gethub(array('hub' => $h->url, 'guid' => $arr['guid']))) { - $r = q("insert into hubloc (hubloc_guid, hubloc_flags, hubloc_url, - hubloc_callback, hubloc_sitekey, hubloc_key) - values ( '%s', %d, '%s', '%s', '%s', '%s' )", + if( ! zot_gethub( + array('guid' => $arr['guid'], + 'guid_sig' => $arr['guid_sig'], + 'hub' => $h->url, + 'hub_sig' => $h->url_sig))) { + $r = q("insert into hubloc (hubloc_guid, hubloc_guid_sig, hubloc_flags, hubloc_url, + hubloc_url_sig, hubloc_callback, hubloc_sitekey, hubloc_key) + values ( '%s', '%s', %d, '%s', '%s', '%s', '%s', '%s' )", dbesc($arr['guid']), + dbesc($arr['guid_sig']), intval((($h->primary) ? HUBLOC_FLAGS_PRIMARY : 0) | HUBLOC_FLAGS_UNVERIFIED ), dbesc($h->url), + dbesc($h->url_sig), dbesc($h->callback), dbesc($h->sitekey), dbesc($record->key) |